Title: File Upload Script PHPBB Module Arbitrary Script Upload Vulnerability
Severity: HIGH
Description:
File Upload Script is a phpBB module that allows users to upload files to a Web site.
File Upload Script is reported prone to an arbitrary script upload vulnerability. This issue results from insufficient sanitization of user-supplied data.
It is reported that the 'up.php' script does not sanitize file extensions prior to uploading a user-supplied file. This can allow an attacker to upload arbitrary PHP scripts to a computer.
If successful, the attacker can execute arbitrary script code on a vulnerable server. This can lead to unauthorized access in the context of the affected server.
All versions of File Upload Script are considered vulnerable at the moment.
Affected Products:
- File Upload Script File Upload Script 1.1.0
References:
- Meilad: File Upload Script
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
